
Google.com homepage was/is hijacked, system performance lagging


10 replies to this topic

#1 drumz1

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 24 March 2012 - 11:14 PM

Greetings BleepingComputer.com,

I am a new member, thank you for taking the time to hear my computer problem. The issue is with my desktop pc, but I am currently using my laptop to post here.
Infected PC specs:
Operating System: Windows XP service pack 3
A/V software: Microsoft Security Essentials (newly installed, previously used AVG Free 2012 at the time problem started)
-also Spybot S&D Resident running

The problem, in short, is that when I go to Google.com with either Firefox (10.0.2) or Internet Explorer (8), a "fake" Google page would come up, with search results redirecting me to scam sites. Also, my computer CPU usage started running way high (above 50%) with no programs running, and there is almost constant significant network utilization (can't tell if it's uploading or downloading, just looking at the Networking window in Windows Task Manager) unless I physically unplug my wireless network card (external USB device, so it's easy). This makes me worried that someone or something is transferring files to or from my computer, and I don't think it's just a Windows update. My computer is really slow/chunking with even the most simple tasks such as transferring files from one internal drive to another. At first I thought I just needed to de-fragment my drive; it was making so much noise (drive activity, not fan noise) when no program was running, just sitting idle staring at my desktop. De-frag was needed, done, but the problem didn't go away (drive still making lots of noise, CPU usage WAY high, system performance slowed).

Anyways, I found your website when doing a search for what the heck was going on when I would go to Google.com and do a search. Just for reference, this post here seems to be the exact problems I am having: http://www.bleepingcomputer.com/forums/topic445802.html/page__p__2627595#entry2627595

I distinctly remember when this problem started. It was approx. one week ago, and I was doing a search for some obscure electronic music to download, and I ended up at some file-sharing site that apparently had the MP3 I was looking for. I realize this was a bad idea now, but I clicked a "download" button, which really turned out to be a banner I think, and I got bombarded by cookie requests (I have my browser set to always ask before accepting cookies... yeah, it gets tedious but I feel safer that way). Some quick message about Zedo installing popped up and I killed that window ASAP.
My anti-virus software installed at that point was AVG free 2012, and I had Spybot S&D Resident running.
I was worried at that point about what had just happened so I ran a system scan with both AVG and Spybot. AVG found some trojan horse (sorry I don't have that exact info anymore), and Spybot came up clean. I thought I was in the clear.
Later that day I found that Google searches would bring up a list of results, but each link would take me to some fishy looking re-directed advertising page. Also, the Google homepage looked a little different, older and simpler, without all the links at the bottom that Google homepage usually has (iGoogle, Change Background image, Advertising programs, etc..). The same thing happened with Firefox or Internet Explorer.
I felt like AVG wasn't cutting the mustard, so I uninstalled it, and installed Microsoft Security Essentials on the recommendation of a friend. MSE found several more viruses, and my problem with Google disappeared.

I thought that was it, problem solved. But the overly high CPU usage problem and almost constant network usage was still going on (unless I disconnected my PC from the internet by unplugging the wireless card). And, over the last two days, the Google hijack has returned on-and-off, along with alerts of new viruses being found and then seemingly killed by MSE, but then returning on a later reboot or power-up.
Examples are:
Exploit:Java/Blacole.ET
Exploit:Java/CVE-2011-3544.A (and a whole bunch more with this type of number/letter scheme)
Trojan:Win32/Bamital!dat
Trojan:JS/BlacoleRef.AL

I would be very grateful for some guidance as to what to do about this problem, and appreciate any help I can get.

Thank you very much,

Paul B.


#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,534 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:02:59 AM

Posted 30 March 2012 - 09:28 AM

Hello and welcome..

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
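Worked example of what the MiniToolBox checkboxes in this reply are for, added here as an illustration and not BleepingComputer's, Farbar's or boopme's code. It splits a Result.txt into its "==== Name ====" sections and applies the checks a helper makes by eye: an IE proxy that is enabled, hosts-file lines that point a real name at a real address, DNS servers other than the router and the ISP's resolvers, and Winsock catalog entries that are not Microsoft's. Assumptions: the "Hosts content" section header and the "ProxyServer:" line format are taken from memory of the tool's output rather than from this thread, and SAMPLE_RESULT is a constructed input using documentation IP ranges and made-up paths.

```python
"""Triage a MiniToolBox-style Result.txt. Added example, not BleepingComputer's or Farbar's code;
the "Hosts content" header and "ProxyServer:" format are assumptions, SAMPLE_RESULT is constructed."""
import re
from collections import namedtuple

SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+$")  # "==== Name: ===="
DNS_RE = re.compile(r"DNS Servers[\s.]*:\s*(\S+)")
IP_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # bare-IP continuation line
WINSOCK_RE = re.compile(r"^Catalog(\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
USER_DIR_HINTS = ("\\documents and settings\\", "\\users\\", "\\temp\\")
Finding = namedtuple("Finding", "severity section detail")  # severity: high/medium/low

def split_sections(text):
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def check_proxy(ie_lines):
    """A proxy the user never set is one way search traffic gets rerouted."""
    out = []
    if any("Proxy is enabled" in l for l in ie_lines):
        server = next((l.strip() for l in ie_lines if "ProxyServer" in l), "server not listed")
        out.append(Finding("high", "proxy", f"IE proxy enabled ({server})"))
    return out

def check_hosts(lines):
    """A name mapped to a real address is a redirect; localhost/sinkhole entries are normal."""
    out = []
    for line in lines:
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] not in SINKHOLES:
            out += [Finding("high", "hosts", f"{n} redirected to {parts[0]}") for n in parts[1:]]
    return out

def dns_servers(lines):
    # The first server sits on the "DNS Servers" line; extra ones follow as bare IPs.
    servers, collecting = [], False
    for line in lines:
        m = DNS_RE.search(line) or (collecting and IP_RE.match(line))
        if m:
            servers.append(m.group(1))
            collecting = True
        elif line.strip():
            collecting = False
    return servers

def check_dns(servers, expected):
    # expected = the router plus the ISP's resolvers; anything else deserves a look.
    out = []
    for s in servers:
        if s in SINKHOLES:
            out.append(Finding("medium", "dns", f"DNS server on loopback: {s}"))
        elif expected and s not in expected:
            out.append(Finding("high", "dns", f"unexpected DNS server: {s}"))
    return out

def check_winsock(lines):
    """Microsoft providers are the baseline; no vendor or a user-profile path stands out."""
    out = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m or m.group(5) == "Microsoft Corporation":
            continue
        cat, idx, path, _size, vendor = m.groups()
        sev = "high" if not vendor or any(h in path.lower() for h in USER_DIR_HINTS) else "low"
        out.append(Finding(sev, "winsock", f"Catalog{cat} {idx}: {path} ({vendor or 'no vendor'})"))
    return out

def triage(result_text, expected_dns=()):
    s = split_sections(result_text)
    findings = check_proxy(s.get("IE Proxy Settings", []))
    findings += check_hosts(s.get("Hosts content", []))
    if "Hosts file not detected" in result_text:
        findings.append(Finding("medium", "hosts", "hosts file missing from its default directory"))
    findings += check_dns(dns_servers(s.get("IP Configuration", [])), set(expected_dns))
    findings += check_winsock(s.get("Winsock entries", []))
    return findings

# Constructed sample: documentation IP ranges, made-up lsp.dll path, no real indicator.
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
========================= Hosts content: ==================================
127.0.0.1 localhost
203.0.113.10 www.google.com google.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    198.51.100.53
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 02 C:\Documents and Settings\user\Application Data\xyz\lsp.dll [40960] ()
"""
```

To run it on a posted log, call triage(open("Result.txt").read(), expected_dns=["192.168.1.1", ...]) with the router address and the ISP's resolvers, and print the findings. A third-party Winsock provider with a real vendor string, such as Apple's Bonjour mdnsNSP.dll, is reported as low severity because a legitimate product installs it; an entry with no vendor or a path under a user profile is what to look at first.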

#3 drumz1
  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 01 April 2012 - 02:38 AM

Hello Boopme, thank you for responding to my request for help!

I followed your instructions. Here is the MiniToolBox log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Scrotopulous (administrator) on 31-03-2012 at 23:58:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8169/8110 Family Gigabit Ethernet NIC = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Wireless Network Connection (Connected)
Realtek RTL8169/8110 Family Gigabit Ethernet NIC = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : beef
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-50-8D-B5-AC-37

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter
Physical Address. . . . . . . . . : E0-46-9A-0A-A9-43
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.110
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    209.18.47.61
                                    209.18.47.62
Lease Obtained. . . . . . . . . . : Saturday, March 31, 2012 11:47:37 PM
Lease Expires . . . . . . . . . . : Sunday, April 01, 2012 11:47:37 PM

Server: my.router
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.200, 74.125.224.201, 74.125.224.206, 74.125.224.192
74.125.224.193, 74.125.224.194, 74.125.224.195, 74.125.224.196, 74.125.224.197
74.125.224.198, 74.125.224.199

Pinging google.com [74.125.239.7] with 32 bytes of data:

Reply from 74.125.239.7: bytes=32 time=18ms TTL=54
Reply from 74.125.239.7: bytes=32 time=15ms TTL=54

Ping statistics for 74.125.239.7:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 18ms, Average = 16ms

Server: my.router
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=38ms TTL=52
Reply from 72.30.38.140: bytes=32 time=25ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 38ms, Average = 31ms

Server: my.router
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d b5 ac 37 ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
0x10004 ...e0 46 9a 0a a9 43 ...... NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.110 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.110 192.168.1.110 30
192.168.1.0 255.255.255.0 192.168.1.110 192.168.1.110 20
192.168.1.110 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.110 192.168.1.110 20
224.0.0.0 240.0.0.0 192.168.1.110 192.168.1.110 20
255.255.255.255 255.255.255.255 192.168.1.110 2 1
255.255.255.255 255.255.255.255 192.168.1.110 192.168.1.110 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/31/2012 11:31:33 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/29/2012 11:43:03 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module wmvcore.dll, version 10.0.0.4078, fault address 0x00022245.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/29/2012 11:03:37 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/29/2012 07:44:32 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/27/2012 07:37:55 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/25/2012 06:52:10 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/24/2012 00:01:53 AM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.8202.0, P3 1.123.268.0, P4 1.123.268.0, P5 exploit_java_cve-2011-3544.gen!a, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (03/23/2012 09:16:34 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/23/2012 08:19:16 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/19/2012 01:31:52 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 1, P5 1, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (03/31/2012 11:31:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/31/2012 11:31:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/31/2012 11:31:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/31/2012 11:31:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY51

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/31/2012 11:31:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/29/2012 11:03:37 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/29/2012 07:44:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/29/2012 07:35:22 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (03/27/2012 07:37:55 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.350.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/25/2012 06:52:10 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.268.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 2.2.0)
7-Zip 4.42
abti uGuru (Version: 3.1.0.5)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 2.0.2.12610)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Contribute CS4 (Version: 5.0)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe Encore CS4 Codecs (Version: 4)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Premiere Pro CS4 Third Party Content (Version: 4)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Soundbooth CS4 (Version: 2)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Airfoil (Version: 2.6)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
ATI AVIVO Codecs (Version: 10.0.0.40103)
ATI Catalyst Install Manager (Version: 3.0.804.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Problem Report Wizard (Version: 3.0.745.0)
ATI Stream SDK v2 Developer (Version: 2.2.0.0)
Bandisoft MPEG-1 Decoder
Battlefield: Bad Company 2
Bonjour (Version: 1.0.104)
Canon MP Navigator 3.0
Canon MP600 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1125.2142.38865)
Catalyst Control Center InstallProxy (Version: 2010.1125.2142.38865)
ccc-core-static (Version: 2010.1125.2142.38865)
ccc-utility (Version: 2010.1125.2142.38865)
CCC Help English (Version: 2010.1125.2141.38865)
Connect (Version: 1.0.0.1)
Creative MediaSource
Creative System Information
Easy-WebPrint
Elemental: War of Magic
FlashGet 3.7 (Version: 3.7.0.1158)
Google Talk (remove only)
Impulse® (Version: 3.29)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
JMB36X Raid Configurer (Version: 1.00.0000)
kuler (Version: 2.0)
LightScribe 1.4.136.1 (Version: 1.4.136.1)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.02.5017)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (Version: 1.03.000)
Nexus Mod Manager (Version: 0.14.2)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
PowerDVD (Version: 7.0.2414.0)
QuickTime (Version: 7.69.80.9)
RapidShare Manager (Version: 0.1)
Real Alternative 1.52 (Version: 1.52)
REALTEK GbE & FE Ethernet PCI NIC Driver (Version: 1.05.0000)
ScanSoft OmniPage SE 4.0 (Version: 15.00.0020)
Sound Blaster Audigy 2 ZS Video Editor
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
Super Meat Boy
The Elder Scrolls V: Skyrim
The Polynomial
Unofficial Oblivion Patch v3.2.0 (Version: 3.2.0)
Unofficial Official Mods Patch v15 (Version: v11)
Unofficial Shivering Isles Patch v1.4.0 (Version: 1.4.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
VLC media player 0.9.2 (Version: 0.9.2)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.6 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - ABIT (UGURU) System (3.0.2005.531 ) (Version: 3.0.2005.531 )
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 2046.42 MB
Available physical RAM: 432.77 MB
Total Pagefile: 3938.76 MB
Available Pagefile: 2428.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.64 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:139.73 GB) (Free:64.46 GB) NTFS
3 Drive d: (BIGGINS) (Fixed) (Total:931.51 GB) (Free:701.2 GB) NTFS
7 Drive i: () (CDROM) (Total:0.97 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\BEEF

Administrator Guest HelpAssistant
Scrotopulous SUPPORT_388945a0 test


**** End of log ****


p.s. The user accounts shown above don't all seem legit. I have only ever set up two users: "Scrotopulous" and "test".
"SUPPORT_388945a0" and "HelpAssistant" seem suspicious to me.

Edited by drumz1, 01 April 2012 - 03:33 AM.

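Editor's note on the accounts question above, with an added example that is not part of drumz1's post or of any tool's output: Windows XP creates HelpAssistant (Remote Assistance) and SUPPORT_388945a0 (Help and Support) on every install, alongside Administrator and Guest, and creates the first two disabled. The useful check is therefore not whether those names exist but whether they are enabled, and whether any account exists that is neither yours nor a Microsoft built-in. The script below parses the `net user` column layout shown in the log and the `Account active` row of `net user <name>`, then buckets each account. The listing is the one from the post; the per-account `net user <name>` output is constructed for the example and is an assumption, not something the poster supplied.

```python
"""Triage the local accounts printed by `net user` on a Windows XP box.

Added example (not from the original post): parse the account listing in the
layout `net user` prints, read the 'Account active' row of `net user <name>`,
separate user-created accounts from the XP built-ins, and flag any built-in
that is enabled when it ships disabled, plus any name that is neither.
Built-in names and their default state are facts about Windows XP.
"""
from __future__ import annotations

import re
from typing import Dict, List, Optional, Set

# Windows XP creates these on every install. Administrator and Guest are always
# present; HelpAssistant (Remote Assistance) and SUPPORT_<8 hex digits>
# (Help and Support) are created disabled and should stay that way.
BUILTIN_ALWAYS = {"Administrator", "Guest"}
BUILTIN_DISABLED_BY_DEFAULT = re.compile(
    r"^(?:HelpAssistant|SUPPORT_[0-9a-f]{8})$", re.IGNORECASE
)


def parse_net_user(listing: str) -> List[str]:
    """Return account names from the whitespace-separated columns `net user` prints."""
    names: List[str] = []
    for raw in listing.splitlines():
        line = raw.strip()
        if (not line or line.startswith("User accounts for")
                or set(line) == {"-"} or line.startswith("The command completed")):
            continue
        names.extend(line.split())
    return names


def parse_account_active(detail: str) -> Optional[bool]:
    """Read the 'Account active   Yes/No' row of `net user <name>`; None if absent."""
    m = re.search(r"^Account active\s+(Yes|No)\s*$", detail, re.MULTILINE)
    return None if m is None else m.group(1) == "Yes"


def triage(listing: str, details: Dict[str, str], expected: Set[str]) -> Dict[str, List[str]]:
    """Bucket every account; anything outside the expected and built-in sets is 'unknown'."""
    report: Dict[str, List[str]] = {
        "expected": [], "builtin": [], "builtin_disabled": [],
        "builtin_enabled": [], "unverified": [], "unknown": [],
    }
    for name in parse_net_user(listing):
        if name in expected:
            report["expected"].append(name)
        elif name in BUILTIN_ALWAYS:
            report["builtin"].append(name)
        elif BUILTIN_DISABLED_BY_DEFAULT.match(name):
            active = parse_account_active(details.get(name, ""))
            if active is None:
                report["unverified"].append(name)        # no `net user <name>` output supplied
            elif active:
                report["builtin_enabled"].append(name)   # ships disabled, now enabled: investigate
            else:
                report["builtin_disabled"].append(name)  # default state, nothing to do
        else:
            report["unknown"].append(name)               # not yours, not Microsoft's: investigate
    return report


# The listing from the post above, in the layout `net user` prints.
SAMPLE_LISTING = """\
User accounts for \\\\BEEF

-------------------------------------------------------------------------------
Administrator            Guest                    HelpAssistant
Scrotopulous             SUPPORT_388945a0         test
The command completed successfully.
"""

# Constructed `net user <name>` output for the two built-ins (assumption, not from the post).
SAMPLE_DETAILS = {
    "HelpAssistant": "User name                    HelpAssistant\nAccount active               No\n",
    "SUPPORT_388945a0": "User name                    SUPPORT_388945a0\nAccount active               No\n",
}

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LISTING, SAMPLE_DETAILS, {"Scrotopulous", "test"}).items():
        print(f"{bucket:17s} {', '.join(names) or '-'}")
```

On the listing in the post, with both built-ins reporting `Account active No`, every name lands in `expected`, `builtin` or `builtin_disabled` and the `unknown` bucket stays empty; a name in `unknown` or `builtin_enabled` is what would actually deserve the suspicion.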

#4 drumz1

drumz1
  • Topic Starter

  • Members

Posted 01 April 2012 - 02:49 AM

I ran TDSSKiller, and just after the scan finished, Microsoft Security Essentials popped up saying it had found 5 severe threats, so I allowed their removal:
Trojan:Win64/Alureon.gen!F
Trojan:Win64/Alureon.gen!J
Trojan:Win32/Alureon.gen!AD
Trojan:Win32/Orsam!rts
Trojan:Win32/Alureon.FK

and here is the TDSSKiller log. It did ask for a reboot, so I rebooted:

00:01:02.0100 6092 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
00:01:02.0569 6092 ============================================================
00:01:02.0569 6092 Current date / time: 2012/04/01 00:01:02.0569
00:01:02.0569 6092 SystemInfo:
00:01:02.0569 6092
00:01:02.0569 6092 OS Version: 5.1.2600 ServicePack: 3.0
00:01:02.0569 6092 Product type: Workstation
00:01:02.0569 6092 ComputerName: BEEF
00:01:02.0569 6092 UserName: Scrotopulous
00:01:02.0569 6092 Windows directory: C:\WINDOWS
00:01:02.0569 6092 System windows directory: C:\WINDOWS
00:01:02.0569 6092 Processor architecture: Intel x86
00:01:02.0569 6092 Number of processors: 2
00:01:02.0569 6092 Page size: 0x1000
00:01:02.0569 6092 Boot type: Normal boot
00:01:02.0569 6092 ============================================================
00:01:06.0022 6092 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4BB5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
00:01:06.0022 6092 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:01:06.0069 6092 \Device\Harddisk0\DR0:
00:01:06.0084 6092 MBR used
00:01:06.0084 6092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11777800
00:01:06.0084 6092 \Device\Harddisk1\DR1:
00:01:06.0084 6092 MBR used
00:01:06.0116 6092 Initialize success
00:01:06.0116 6092 ============================================================
00:01:25.0786 4040 ============================================================
00:01:25.0786 4040 Scan started
00:01:25.0786 4040 Mode: Manual; TDLFS;
00:01:25.0786 4040 ============================================================
00:01:27.0630 4040 Abiosdsk - ok
00:01:27.0630 4040 abp480n5 - ok
00:01:27.0677 4040 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:01:27.0677 4040 ACPI - ok
00:01:27.0708 4040 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:01:27.0708 4040 ACPIEC - ok
00:01:27.0755 4040 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
00:01:27.0755 4040 adfs - ok
00:01:27.0942 4040 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
00:01:27.0974 4040 Adobe Version Cue CS4 - ok
00:01:28.0005 4040 adpu160m - ok
00:01:28.0036 4040 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:01:28.0036 4040 aec - ok
00:01:28.0083 4040 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:01:28.0083 4040 AFD - ok
00:01:28.0083 4040 Aha154x - ok
00:01:28.0099 4040 aic78u2 - ok
00:01:28.0114 4040 aic78xx - ok
00:01:28.0161 4040 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:01:28.0177 4040 Alerter - ok
00:01:28.0192 4040 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:01:28.0192 4040 ALG - ok
00:01:28.0208 4040 AliIde - ok
00:01:28.0224 4040 amsint - ok
00:01:28.0255 4040 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
00:01:28.0255 4040 AppMgmt - ok
00:01:28.0286 4040 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:01:28.0286 4040 Arp1394 - ok
00:01:28.0302 4040 asc - ok
00:01:28.0302 4040 asc3350p - ok
00:01:28.0317 4040 asc3550 - ok
00:01:28.0349 4040 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:01:28.0364 4040 aspnet_state - ok
00:01:28.0380 4040 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:01:28.0380 4040 AsyncMac - ok
00:01:28.0395 4040 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:01:28.0395 4040 atapi - ok
00:01:28.0411 4040 Atdisk - ok
00:01:28.0458 4040 Ati HotKey Poller (4ade3f07de5f5376e6030e16b945a5ef) C:\WINDOWS\system32\Ati2evxx.exe
00:01:28.0474 4040 Ati HotKey Poller - ok
00:01:28.0614 4040 ati2mtag (3fff73a29663eda8ec7169a7cfde29f4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:01:28.0724 4040 ati2mtag - ok
00:01:28.0770 4040 AtiHdmiService (fac04a8e09c8d70594382656d99772a3) C:\WINDOWS\system32\drivers\AtiHdmi.sys
00:01:28.0770 4040 AtiHdmiService - ok
00:01:28.0786 4040 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:01:28.0786 4040 Atmarpc - ok
00:01:28.0817 4040 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:01:28.0817 4040 AudioSrv - ok
00:01:28.0848 4040 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:01:28.0848 4040 audstub - ok
00:01:28.0973 4040 BCMH43XX (b770039886598aab7cf5eaeec2409e31) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
00:01:28.0989 4040 BCMH43XX - ok
00:01:29.0020 4040 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:01:29.0020 4040 Beep - ok
00:01:29.0083 4040 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:01:29.0114 4040 BITS - ok
00:01:29.0192 4040 Bonjour Service (cfd4c3352e29a8b729536648466e8df5) C:\Program Files\Bonjour\mDNSResponder.exe
00:01:29.0192 4040 Bonjour Service - ok
00:01:29.0223 4040 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
00:01:29.0223 4040 Bridge - ok
00:01:29.0223 4040 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
00:01:29.0223 4040 BridgeMP - ok
00:01:29.0239 4040 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:01:29.0239 4040 Browser - ok
00:01:29.0286 4040 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:01:29.0286 4040 cbidf2k - ok
00:01:29.0333 4040 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:01:29.0333 4040 CCDECODE - ok
00:01:29.0348 4040 cd20xrnt - ok
00:01:29.0395 4040 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:01:29.0395 4040 Cdaudio - ok
00:01:29.0411 4040 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:01:29.0411 4040 Cdfs - ok
00:01:29.0427 4040 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:01:29.0427 4040 Cdrom - ok
00:01:29.0442 4040 Changer - ok
00:01:29.0458 4040 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:01:29.0458 4040 CiSvc - ok
00:01:29.0473 4040 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:01:29.0473 4040 ClipSrv - ok
00:01:29.0505 4040 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:01:29.0520 4040 clr_optimization_v2.0.50727_32 - ok
00:01:29.0536 4040 CmdIde - ok
00:01:29.0552 4040 COMSysApp - ok
00:01:29.0552 4040 Cpqarray - ok
00:01:29.0583 4040 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE
00:01:29.0583 4040 Creative Service for CDROM Access - ok
00:01:29.0598 4040 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:01:29.0614 4040 CryptSvc - ok
00:01:29.0645 4040 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\DRIVERS\ctdvda2k.sys
00:01:29.0645 4040 ctdvda2k - ok
00:01:29.0677 4040 ctsfm2k (72862fa1eea97bfbf9263b8acfdec0f1) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
00:01:29.0677 4040 ctsfm2k - ok
00:01:29.0692 4040 dac2w2k - ok
00:01:29.0692 4040 dac960nt - ok
00:01:29.0739 4040 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:01:29.0739 4040 DcomLaunch - ok
00:01:29.0770 4040 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:01:29.0770 4040 Dhcp - ok
00:01:29.0786 4040 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:01:29.0786 4040 Disk - ok
00:01:29.0802 4040 dmadmin - ok
00:01:29.0848 4040 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:01:29.0864 4040 dmboot - ok
00:01:29.0864 4040 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:01:29.0864 4040 dmio - ok
00:01:29.0880 4040 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:01:29.0880 4040 dmload - ok
00:01:29.0911 4040 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:01:29.0911 4040 dmserver - ok
00:01:29.0942 4040 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:01:29.0942 4040 DMusic - ok
00:01:29.0973 4040 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:01:29.0973 4040 Dnscache - ok
00:01:30.0005 4040 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:01:30.0005 4040 Dot3svc - ok
00:01:30.0020 4040 dpti2o - ok
00:01:30.0052 4040 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:01:30.0052 4040 drmkaud - ok
00:01:30.0052 4040 EagleNT - ok
00:01:30.0083 4040 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:01:30.0083 4040 EapHost - ok
00:01:30.0098 4040 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:01:30.0098 4040 ERSvc - ok
00:01:30.0114 4040 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:01:30.0130 4040 Eventlog - ok
00:01:30.0161 4040 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
00:01:30.0161 4040 EventSystem - ok
00:01:30.0177 4040 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:01:30.0177 4040 Fastfat - ok
00:01:30.0208 4040 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:01:30.0208 4040 FastUserSwitchingCompatibility - ok
00:01:30.0223 4040 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:01:30.0223 4040 Fdc - ok
00:01:30.0239 4040 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:01:30.0239 4040 Fips - ok
00:01:30.0317 4040 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:01:30.0317 4040 FLEXnet Licensing Service - ok
00:01:30.0348 4040 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:01:30.0348 4040 Flpydisk - ok
00:01:30.0348 4040 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:01:30.0348 4040 FltMgr - ok
00:01:30.0395 4040 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:01:30.0395 4040 FontCache3.0.0.0 - ok
00:01:30.0411 4040 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:01:30.0411 4040 Fs_Rec - ok
00:01:30.0427 4040 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:01:30.0427 4040 Ftdisk - ok
00:01:30.0442 4040 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:01:30.0442 4040 Gpc - ok
00:01:30.0458 4040 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:01:30.0458 4040 HDAudBus - ok
00:01:30.0489 4040 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:01:30.0489 4040 helpsvc - ok
00:01:30.0489 4040 HidServ - ok
00:01:30.0505 4040 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:01:30.0520 4040 hkmsvc - ok
00:01:30.0520 4040 hpn - ok
00:01:30.0551 4040 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:01:30.0551 4040 HTTP - ok
00:01:30.0614 4040 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:01:30.0614 4040 HTTPFilter - ok
00:01:30.0630 4040 i2omgmt - ok
00:01:30.0645 4040 i2omp - ok
00:01:30.0661 4040 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:01:30.0661 4040 i8042prt - ok
00:01:30.0708 4040 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:01:30.0723 4040 idsvc - ok
00:01:30.0723 4040 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:01:30.0723 4040 Imapi - ok
00:01:30.0770 4040 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:01:30.0770 4040 ImapiService - ok
00:01:30.0786 4040 ini910u - ok
00:01:30.0801 4040 IntelIde - ok
00:01:30.0801 4040 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:01:30.0817 4040 intelppm - ok
00:01:30.0833 4040 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:01:30.0833 4040 Ip6Fw - ok
00:01:30.0848 4040 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:01:30.0848 4040 IpFilterDriver - ok
00:01:30.0864 4040 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:01:30.0864 4040 IpInIp - ok
00:01:30.0895 4040 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:01:30.0895 4040 IpNat - ok
00:01:30.0911 4040 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:01:30.0911 4040 IPSec - ok
00:01:30.0926 4040 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:01:30.0926 4040 IRENUM - ok
00:01:30.0942 4040 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:01:30.0942 4040 isapnp - ok
00:01:31.0005 4040 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
00:01:31.0005 4040 JavaQuickStarterService - ok
00:01:31.0020 4040 JRAID (6e4e3c0b27116b14d1150be7eeceaac6) C:\WINDOWS\system32\DRIVERS\jraid.sys
00:01:31.0036 4040 JRAID - ok
00:01:31.0036 4040 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:01:31.0036 4040 Kbdclass - ok
00:01:31.0067 4040 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:01:31.0067 4040 kmixer - ok
00:01:31.0098 4040 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:01:31.0098 4040 KSecDD - ok
00:01:31.0114 4040 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:01:31.0114 4040 lanmanserver - ok
00:01:31.0130 4040 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:01:31.0145 4040 lanmanworkstation - ok
00:01:31.0145 4040 lbrtfdc - ok
00:01:31.0208 4040 LightScribeService (559c9b7800fac92fc515cd0003d7c631) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:01:31.0208 4040 LightScribeService - ok
00:01:31.0208 4040 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:01:31.0208 4040 LmHosts - ok
00:01:31.0255 4040 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
00:01:31.0255 4040 MDM - ok
00:01:31.0286 4040 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:01:31.0286 4040 Messenger - ok
00:01:31.0301 4040 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:01:31.0301 4040 mnmdd - ok
00:01:31.0317 4040 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:01:31.0317 4040 mnmsrvc - ok
00:01:31.0333 4040 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:01:31.0348 4040 Modem - ok
00:01:31.0348 4040 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:01:31.0348 4040 Mouclass - ok
00:01:31.0364 4040 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:01:31.0364 4040 MountMgr - ok
00:01:31.0395 4040 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
00:01:31.0395 4040 MpFilter - ok
00:01:31.0458 4040 MpKsl1b87355e (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C157CE62-8FAF-4C06-93EF-1E2D879FBD12}\MpKsl1b87355e.sys
00:01:31.0458 4040 MpKsl1b87355e - ok
00:01:31.0458 4040 mraid35x - ok
00:01:31.0473 4040 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:01:31.0473 4040 MRxDAV - ok
00:01:31.0520 4040 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:01:31.0520 4040 MRxSmb - ok
00:01:31.0536 4040 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:01:31.0536 4040 MSDTC - ok
00:01:31.0551 4040 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:01:31.0551 4040 Msfs - ok
00:01:31.0567 4040 MSIServer - ok
00:01:31.0583 4040 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:01:31.0583 4040 MSKSSRV - ok
00:01:31.0614 4040 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:01:31.0630 4040 MsMpSvc - ok
00:01:31.0645 4040 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:01:31.0645 4040 MSPCLOCK - ok
00:01:31.0661 4040 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:01:31.0661 4040 MSPQM - ok
00:01:31.0692 4040 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:01:31.0692 4040 mssmbios - ok
00:01:31.0723 4040 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:01:31.0723 4040 MSTEE - ok
00:01:31.0755 4040 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:01:31.0755 4040 Mup - ok
00:01:31.0770 4040 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:01:31.0770 4040 NABTSFEC - ok
00:01:31.0801 4040 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:01:31.0801 4040 napagent - ok
00:01:31.0817 4040 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:01:31.0833 4040 NDIS - ok
00:01:31.0833 4040 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:01:31.0833 4040 NdisIP - ok
00:01:31.0864 4040 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:01:31.0864 4040 NdisTapi - ok
00:01:31.0880 4040 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:01:31.0880 4040 Ndisuio - ok
00:01:31.0911 4040 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:01:31.0911 4040 NdisWan - ok
00:01:31.0926 4040 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:01:31.0926 4040 NDProxy - ok
00:01:31.0942 4040 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:01:31.0942 4040 NetBIOS - ok
00:01:31.0958 4040 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:01:31.0973 4040 NetBT - ok
00:01:31.0989 4040 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:01:31.0989 4040 NetDDE - ok
00:01:32.0005 4040 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:01:32.0005 4040 NetDDEdsdm - ok
00:01:32.0020 4040 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:01:32.0020 4040 Netlogon - ok
00:01:32.0083 4040 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:01:32.0083 4040 Netman - ok
00:01:32.0114 4040 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:01:32.0114 4040 NetTcpPortSharing - ok
00:01:32.0130 4040 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:01:32.0130 4040 NIC1394 - ok
00:01:32.0161 4040 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:01:32.0161 4040 Nla - ok
00:01:32.0239 4040 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
00:01:32.0239 4040 NMIndexingService - ok
00:01:32.0286 4040 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\DRIVERS\npf.sys
00:01:32.0286 4040 NPF - ok
00:01:32.0286 4040 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:01:32.0301 4040 Npfs - ok
00:01:32.0333 4040 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:01:32.0348 4040 Ntfs - ok
00:01:32.0364 4040 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:01:32.0364 4040 NtLmSsp - ok
00:01:32.0395 4040 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:01:32.0395 4040 NtmsSvc - ok
00:01:32.0426 4040 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:01:32.0426 4040 Null - ok
00:01:32.0442 4040 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:01:32.0442 4040 NwlnkFlt - ok
00:01:32.0458 4040 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:01:32.0458 4040 NwlnkFwd - ok
00:01:32.0504 4040 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:01:32.0520 4040 odserv - ok
00:01:32.0536 4040 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:01:32.0536 4040 ohci1394 - ok
00:01:32.0551 4040 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:01:32.0551 4040 ose - ok
00:01:32.0598 4040 ossrv (eb70b4aa54bd8efdfb19a8b568c5d19e) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
00:01:32.0598 4040 ossrv - ok
00:01:32.0614 4040 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
00:01:32.0614 4040 Parport - ok
00:01:32.0645 4040 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:01:32.0645 4040 PartMgr - ok
00:01:32.0661 4040 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:01:32.0661 4040 ParVdm - ok
00:01:32.0661 4040 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:01:32.0661 4040 PCI - ok
00:01:32.0676 4040 PCIDump - ok
00:01:32.0692 4040 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:01:32.0692 4040 PCIIde - ok
00:01:32.0708 4040 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:01:32.0708 4040 Pcmcia - ok
00:01:32.0723 4040 PDCOMP - ok
00:01:32.0723 4040 PDFRAME - ok
00:01:32.0739 4040 PDRELI - ok
00:01:32.0739 4040 PDRFRAME - ok
00:01:32.0754 4040 perc2 - ok
00:01:32.0770 4040 perc2hib - ok
00:01:32.0801 4040 PfModNT (ede8241b75dadef090aadb6c81c8e1d7) C:\WINDOWS\system32\drivers\PfModNT.sys
00:01:32.0801 4040 PfModNT - ok
00:01:32.0833 4040 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:01:32.0833 4040 PlugPlay - ok
00:01:32.0848 4040 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:01:32.0848 4040 PolicyAgent - ok
00:01:32.0879 4040 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:01:32.0879 4040 PptpMiniport - ok
00:01:32.0895 4040 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:01:32.0895 4040 ProtectedStorage - ok
00:01:32.0895 4040 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:01:32.0911 4040 PSched - ok
00:01:32.0926 4040 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:01:32.0926 4040 Ptilink - ok
00:01:32.0942 4040 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:01:32.0942 4040 PxHelp20 - ok
00:01:32.0973 4040 ql1080 - ok
00:01:32.0973 4040 Ql10wnt - ok
00:01:32.0989 4040 ql12160 - ok
00:01:32.0989 4040 ql1240 - ok
00:01:33.0004 4040 ql1280 - ok
00:01:33.0020 4040 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:01:33.0020 4040 RasAcd - ok
00:01:33.0036 4040 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:01:33.0036 4040 RasAuto - ok
00:01:33.0051 4040 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:01:33.0051 4040 Rasl2tp - ok
00:01:33.0083 4040 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
00:01:33.0083 4040 RasMan - ok
00:01:33.0098 4040 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:01:33.0098 4040 RasPppoe - ok
00:01:33.0114 4040 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:01:33.0114 4040 Raspti - ok
00:01:33.0114 4040 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:01:33.0129 4040 Rdbss - ok
00:01:33.0129 4040 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:01:33.0129 4040 RDPCDD - ok
00:01:33.0145 4040 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:01:33.0145 4040 rdpdr - ok
00:01:33.0176 4040 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:01:33.0176 4040 RDPWD - ok
00:01:33.0192 4040 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
00:01:33.0192 4040 RDSessMgr - ok
00:01:33.0223 4040 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:01:33.0223 4040 redbook - ok
00:01:33.0239 4040 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:01:33.0239 4040 RemoteAccess - ok
00:01:33.0254 4040 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
00:01:33.0270 4040 RemoteRegistry - ok
00:01:33.0348 4040 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
00:01:33.0379 4040 RichVideo - ok
00:01:33.0629 4040 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
00:01:33.0629 4040 RpcLocator - ok
00:01:33.0708 4040 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:01:33.0708 4040 RpcSs - ok
00:01:33.0754 4040 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
00:01:33.0754 4040 RSVP - ok
00:01:33.0786 4040 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
00:01:33.0786 4040 RTL8023xp - ok
00:01:33.0817 4040 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:01:33.0817 4040 SamSs - ok
00:01:33.0911 4040 sbusb (60a5ad0d5f61a237ca611f0413073963) C:\WINDOWS\system32\DRIVERS\sbusb.sys
00:01:33.0942 4040 sbusb - ok
00:01:33.0973 4040 SBUSBAV (1127fcf87657cdad99831baffaca93f8) C:\WINDOWS\system32\DRIVERS\sbusbav.sys
00:01:33.0973 4040 SBUSBAV - ok
00:01:34.0004 4040 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
00:01:34.0004 4040 SCardSvr - ok
00:01:34.0020 4040 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:01:34.0020 4040 Schedule - ok
00:01:34.0067 4040 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:01:34.0067 4040 Secdrv - ok
00:01:34.0082 4040 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:01:34.0082 4040 seclogon - ok
00:01:34.0098 4040 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:01:34.0098 4040 SENS - ok
00:01:34.0114 4040 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
00:01:34.0114 4040 Serial - ok
00:01:34.0129 4040 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:01:34.0145 4040 Sfloppy - ok
00:01:34.0161 4040 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:01:34.0161 4040 SharedAccess - ok
00:01:34.0207 4040 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:01:34.0207 4040 ShellHWDetection - ok
00:01:34.0223 4040 Simbad - ok
00:01:34.0239 4040 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:01:34.0239 4040 SLIP - ok
00:01:34.0254 4040 Sparrow - ok
00:01:34.0270 4040 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:01:34.0270 4040 splitter - ok
00:01:34.0286 4040 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:01:34.0301 4040 Spooler - ok
00:01:34.0364 4040 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
00:01:34.0364 4040 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
00:01:34.0379 4040 sptd ( LockedFile.Multi.Generic ) - warning
00:01:34.0379 4040 sptd - detected LockedFile.Multi.Generic (1)
00:01:34.0379 4040 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:01:34.0395 4040 sr - ok
00:01:34.0411 4040 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:01:34.0411 4040 srservice - ok
00:01:34.0426 4040 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:01:34.0442 4040 Srv - ok
00:01:34.0457 4040 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:01:34.0457 4040 SSDPSRV - ok
00:01:34.0473 4040 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:01:34.0504 4040 stisvc - ok
00:01:34.0520 4040 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:01:34.0520 4040 streamip - ok
00:01:34.0551 4040 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:01:34.0551 4040 swenum - ok
00:01:34.0567 4040 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:01:34.0567 4040 swmidi - ok
00:01:34.0582 4040 SwPrv - ok
00:01:34.0598 4040 symc810 - ok
00:01:34.0614 4040 symc8xx - ok
00:01:34.0629 4040 sym_hi - ok
00:01:34.0661 4040 sym_u3 - ok
00:01:34.0676 4040 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:01:34.0676 4040 sysaudio - ok
00:01:34.0707 4040 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:01:34.0707 4040 SysmonLog - ok
00:01:34.0723 4040 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:01:34.0739 4040 TapiSrv - ok
00:01:34.0770 4040 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:01:34.0786 4040 Tcpip - ok
00:01:34.0801 4040 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:01:34.0801 4040 TDPIPE - ok
00:01:34.0817 4040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:01:34.0817 4040 TDTCP - ok
00:01:34.0832 4040 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:01:34.0832 4040 TermDD - ok
00:01:34.0848 4040 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:01:34.0864 4040 TermService - ok
00:01:34.0864 4040 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:01:34.0864 4040 Themes - ok
00:01:34.0895 4040 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
00:01:34.0895 4040 TlntSvr - ok
00:01:34.0911 4040 TosIde - ok
00:01:34.0911 4040 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:01:34.0926 4040 TrkWks - ok
00:01:34.0926 4040 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:01:34.0926 4040 Udfs - ok
00:01:34.0957 4040 UGURU (c3cd138762aab1797805c26bf5defcbe) C:\WINDOWS\system32\drivers\uGuru.sys
00:01:34.0957 4040 UGURU - ok
00:01:34.0957 4040 ultra - ok
00:01:34.0989 4040 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
00:01:35.0004 4040 UMWdf - ok
00:01:35.0004 4040 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:01:35.0020 4040 Update - ok
00:01:35.0036 4040 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:01:35.0036 4040 upnphost - ok
00:01:35.0082 4040 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:01:35.0082 4040 UPS - ok
00:01:35.0098 4040 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:01:35.0098 4040 usbaudio - ok
00:01:35.0129 4040 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:01:35.0129 4040 usbccgp - ok
00:01:35.0145 4040 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:01:35.0145 4040 usbehci - ok
00:01:35.0161 4040 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:01:35.0176 4040 usbhub - ok
00:01:35.0192 4040 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:01:35.0192 4040 usbprint - ok
00:01:35.0207 4040 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:01:35.0207 4040 usbscan - ok
00:01:35.0223 4040 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:01:35.0223 4040 usbstor - ok
00:01:35.0239 4040 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:01:35.0239 4040 usbuhci - ok
00:01:35.0254 4040 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:01:35.0254 4040 VgaSave - ok
00:01:35.0270 4040 ViaIde - ok
00:01:35.0301 4040 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:01:35.0301 4040 VolSnap - ok
00:01:35.0332 4040 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:01:35.0332 4040 VSS - ok
00:01:35.0364 4040 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:01:35.0364 4040 W32Time - ok
00:01:35.0379 4040 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:01:35.0395 4040 Wanarp - ok
00:01:35.0395 4040 WDICA - ok
00:01:35.0411 4040 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:01:35.0411 4040 wdmaud - ok
00:01:35.0426 4040 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:01:35.0442 4040 WebClient - ok
00:01:35.0473 4040 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:01:35.0473 4040 winmgmt - ok
00:01:35.0489 4040 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
00:01:35.0489 4040 WmdmPmSN - ok
00:01:35.0536 4040 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
00:01:35.0551 4040 Wmi - ok
00:01:35.0582 4040 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:01:35.0582 4040 WmiApSrv - ok
00:01:35.0598 4040 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
00:01:35.0598 4040 WpdUsb - ok
00:01:35.0629 4040 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:01:35.0629 4040 wscsvc - ok
00:01:35.0645 4040 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:01:35.0645 4040 WSTCODEC - ok
00:01:35.0707 4040 WSWNDA3100 (a2c4dc335656fb7a5a3ac076282534cb) C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
00:01:35.0723 4040 WSWNDA3100 - ok
00:01:35.0739 4040 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:01:35.0754 4040 wuauserv - ok
00:01:35.0786 4040 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:01:35.0801 4040 WZCSVC - ok
00:01:35.0832 4040 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:01:35.0848 4040 xmlprov - ok
00:01:35.0879 4040 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
00:01:35.0895 4040 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:01:35.0895 4040 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:01:35.0910 4040 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:01:35.0910 4040 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:01:35.0926 4040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:01:36.0067 4040 \Device\Harddisk1\DR1 - ok
00:01:36.0067 4040 Boot (0x1200) (e5dad923f4ad7b0781ac2d818faaaf56) \Device\Harddisk0\DR0\Partition0
00:01:36.0067 4040 \Device\Harddisk0\DR0\Partition0 - ok
00:01:36.0082 4040 ============================================================
00:01:36.0082 4040 Scan finished
00:01:36.0082 4040 ============================================================
00:01:36.0082 5064 Detected object count: 3
00:01:36.0082 5064 Actual detected object count: 3
00:02:16.0251 5064 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:02:16.0251 5064 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:02:16.0658 5064 \Device\Harddisk0\DR0\# - copied to quarantine
00:02:16.0908 5064 \Device\Harddisk0\DR0 - copied to quarantine
00:02:17.0361 5064 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
00:02:17.0361 5064 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
00:02:17.0486 5064 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
00:02:17.0548 5064 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
00:02:17.0673 5064 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
00:02:17.0829 5064 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
00:02:20.0017 5064 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
00:02:20.0126 5064 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
00:02:20.0142 5064 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
00:02:20.0142 5064 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
00:02:20.0173 5064 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
00:02:20.0204 5064 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
00:02:20.0251 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:02:20.0251 5064 \Device\Harddisk0\DR0 - ok
00:02:25.0813 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:02:25.0813 5064 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:02:25.0813 5064 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:04:47.0881 6060 Deinitialize success
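The TDSSKiller log above runs to hundreds of "- ok" entries, and the handful of lines that matter for triage (the verdicts, the hash of the object they refer to, what was copied to quarantine, and the action the user chose) are scattered among them. The following parser is an added example, not code from this thread or from TDSSKiller, that pulls those lines out into a short summary and flags any "infected" object that was left without a Cure. Its regular expressions are assumptions about the log format derived from the lines posted above, and its sample input is constructed from excerpts of that log.

```python
"""Triage helper for Kaspersky TDSSKiller text logs (added example).

The regexes below are assumptions about the log format, derived from the
lines posted in this thread; they are not TDSSKiller's own specification.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: excerpts in the format TDSSKiller writes (timestamp,
# thread id, message), with object names, hashes and verdicts taken from the
# log posted above. Raw string so the Windows paths keep their backslashes.
SAMPLE_LOG = r"""
00:01:34.0364 4040 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
00:01:34.0364 4040 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
00:01:34.0379 4040 sptd ( LockedFile.Multi.Generic ) - warning
00:01:34.0379 4040 sptd - detected LockedFile.Multi.Generic (1)
00:01:34.0379 4040 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:01:34.0395 4040 sr - ok
00:01:35.0879 4040 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
00:01:35.0895 4040 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:01:35.0895 4040 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:01:35.0910 4040 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:01:35.0910 4040 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:01:36.0082 5064 Detected object count: 3
00:02:16.0251 5064 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:02:16.0251 5064 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:02:16.0908 5064 \Device\Harddisk0\DR0 - copied to quarantine
00:02:20.0251 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:02:25.0813 5064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:02:25.0813 5064 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:02:25.0813 5064 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line: "<hh:mm:ss.ffff> <thread id> <message>"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Enumerated object with the MD5 of its image: "<name> (<md5>) <path>"
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict on an object: "<object> ( <threat> ) - infected|warning"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<verdict>infected|warning)$")
# Decision recorded for that object: "<object> ( <threat> ) - User select action: <Cure|Skip|...>"
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>\w+)$")
# Evidence preserved before any change: "<object> - copied to quarantine"
QUAR_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")


@dataclass
class Finding:
    obj: str
    threat: str
    verdict: str               # "infected" or "warning"
    md5: str = ""              # hash of the object's image, when the log recorded one
    action: str = "none"       # final decision logged for it (Cure, Skip, ...)
    quarantined: bool = False  # whether a copy was saved to quarantine


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (object, threat) pair that was not reported '- ok'."""
    hashes: Dict[str, str] = {}
    findings: Dict[Tuple[str, str], Finding] = {}
    quarantined = set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (h := HASH_RE.match(msg)):
            # Verdicts name either the service (sptd) or the device path (\Device\...),
            # so index the hash under both.
            hashes[h.group("name")] = h.group("md5")
            hashes[h.group("path")] = h.group("md5")
        elif (v := VERDICT_RE.match(msg)):
            key = (v.group("obj"), v.group("threat"))
            findings[key] = Finding(v.group("obj"), v.group("threat"), v.group("verdict"),
                                    md5=hashes.get(v.group("obj"), ""))
        elif (a := ACTION_RE.match(msg)):
            key = (a.group("obj"), a.group("threat"))
            if key in findings:
                findings[key].action = a.group("action")
        elif (q := QUAR_RE.match(msg)):
            quarantined.add(q.group("obj"))
    for f in findings.values():
        f.quarantined = f.obj in quarantined
    return list(findings.values())


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per verdict, e.g. {"infected": 1, "warning": 2}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


def needs_follow_up(findings: List[Finding]) -> List[Finding]:
    """Infected objects that were neither cured nor deleted. Warnings are reported
    by summarize() but are not malware verdicts on their own."""
    return [f for f in findings if f.verdict == "infected" and f.action not in ("Cure", "Delete")]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.verdict:8} {f.threat:26} {f.obj}  md5={f.md5 or '-'}  "
              f"action={f.action}  quarantined={f.quarantined}")
    print("counts:", summarize(results))
    print("needs follow-up:", [f.threat for f in needs_follow_up(results)])
```

Run against a full TDSSKiller log the script reports the same three objects the tool counted ("Detected object count: 3"), shows that the MBR verdict carries the MBR's hash rather than a driver's, and returns an empty follow-up list only because the infected MBR got "Cure"; had the user chosen Skip for it, the rootkit would be listed as unresolved.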

#5 drumz1 (Topic Starter)

Posted 01 April 2012 - 02:54 AM

And here is the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Scrotopulous :: BEEF [administrator]

Protection: Enabled

4/1/2012 12:18:54 AM
mbam-log-2012-04-01 (00-18-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218663
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 drumz1 (Topic Starter)

Posted 01 April 2012 - 03:28 AM

Wow, the difference is noticeable.. no more obnoxious CPU over-usage, no sneaky network utilization, everything is running smoothly. AND, upon reboot, Windows Update was finally successful in installing 5 security updates that for some reason were failing during the update/install process every time I tried. Looks like this really did the trick!

Many many thanks Boopme and Bleeping Computer! Anything I should do now? How can I donate to the cause?

p.s. Do you have an opinion about Spybot S&D Resident/TeaTimer and its effectiveness?

#7 boopme (Global Moderator)

Posted 01 April 2012 - 04:52 PM

You're welcome. I still want to run a last scan as there are usually leftovers from those.

FYI: mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Further, most people don't understand how to use Spybot's TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in the Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't understand how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.
I prefer MBAM over that.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


EDIT:
Thanks for the offer... I do not accept donations nor does BC.. But I will recommend, if you'd like to contribute to something that would be very much appreciated..
Make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers, train people here in malware removal or are just hard workers.

I am still adding to this list.

farbar
fireman4it
JSntgRvr
m0le
myrti
sempai
Thunder
SweetTech

Edited by boopme, 01 April 2012 - 08:15 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 drumz1 (Topic Starter)

Posted 02 April 2012 - 02:55 AM

Hi Boopme,

Thanks again so much for the help, and for the new advice/info. You mentioned you want to run a last scan.. did you mean I should repeat the processes above (and post the results/logs)?

-Paul B.

#9 boopme (Global Moderator)

Posted 02 April 2012 - 01:11 PM

I forgot it, LOL.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#10 drumz1 (Topic Starter)

Posted 06 April 2012 - 03:31 AM

Hi Boopme,

Sorry about the late response, I was away for a few days. Here are the results of the ESET online scan:

C:\Documents and Settings\test\Application Data\Sun\Java\Deployment\cache\6.0\43\402b2b-259c2f43 multiple threats deleted - quarantined
C:\Downloads\daemon4123-lite.exe Win32/Adware.Toolbar.Shopper application cleaned by deleting - quarantined
C:\Downloads\winamp56_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\Downloads\FlashGet_1.5\flashgetv1.50finalkeygencore.zip probably a variant of Win32/TrojanDownloader.Agent.HXTFUCI trojan deleted - quarantined
C:\Program Files\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.04.2012_00.01.02\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.04.2012_00.01.02\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.04.2012_00.01.02\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined


Thanks again!
Paul B.

#11 boopme (Global Moderator)

Posted 06 April 2012 - 11:26 AM

Looks good now. Still found a Toolbar.. I hate those things.. So all should be good now.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out: